PRIVACY AND PERSONAL DATA PROCESSING SECURITY POLICY OF CN POŞTA ROMÂNĂ SA
In accordance with the provisions of the General Data Protection Regulation (EU) No. 679/2016 – GDPR or the Regulation concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, CN POŞTA ROMÂNĂ SA - CNPR processes personal data for legitimate purposes, respecting the principles mentioned below.
CNPR collects and processes personal data for the purposes of:
CNPR collects and processes personal data for the purposes of:
- providing postal services;
- advertising, marketing and publicity;
- customs brokerage activities.
1. Principles of personal data processing
Notification: CNPR as a personal data controller is registered with the National Supervisory Authority for Personal Data Processing under no. 8077 of 10.01.2008;
Lawfulness: Personal data is processed in good faith, based on and in accordance with the legal provisions in force, including the provisions of the Regulation;
Purpose and limitation determined by purpose: Any processing of personal data is carried out for well-defined, explicit, and legitimate purposes, adequate, relevant and not excessive in relation to the purpose for which they are collected and subsequently processed;
Confidentiality: Persons processing personal data on behalf of CNPR have an explicit confidentiality clause regarding the processing of personal data stipulated in their individual employment contract and in the "job description";
Consent of the data subject: In certain situations, except for processing involving categories of data strictly mentioned in the Regulation, processing may be carried out only if the data subject has given their express and unequivocal consent for that processing; in other situations CNPR will also carry out processing in accordance with the provisions of the Regulation and the legislation in force;
Information: Data subjects are explicitly informed, through online and offline means, that their personal data will be processed for the purpose of providing CNPR services;
Protection of data subjects: Data subjects are guaranteed the right to be informed and to access the processed data, the right to rectification, the right to restriction and the right to erasure of data, the right to data portability and the right not to be subject to an individual decision based on personal data processing. At the same time, the data subject has the right to address the National Supervisory Authority for Personal Data Processing or the courts to defend any rights protected by law that have been violated;
Protection of minors: Minors who have reached the age of 14 may purchase products or services in their own name and request and receive communications from CNPR with the consent of the legal representative, according to the law. Any processing of personal data of minors will be carried out only under the conditions of the law.
Data transfer: CNPR does not transfer personal data except in cases expressly provided by law;
Profiling: CNPR does not create profiles of postal service users. In the case of marketing studies developed by CNPR, the unequivocal consent of the data subjects is requested.
Accuracy: CNPR requires the support of its clients in providing data for the provision of postal services, however, the accuracy of this data depends on the quality of the information provided by the data subjects and/or contractual partners;
Identification: To resolve requests related to the processing of personal data addressed to CNPR the data subject must provide proof of having used the postal service;
Storage: CNPR stores personal data for the period necessary to achieve the purposes for which they were collected, respectively to comply with the legal provisions in force;
Security: CNPR uses security methods and technologies, together with policies applied to employees and working procedures, including control, evaluation, and audit, to protect the personal data collected in accordance with the legal provisions in force.
Notification: CNPR as a personal data controller is registered with the National Supervisory Authority for Personal Data Processing under no. 8077 of 10.01.2008;
Lawfulness: Personal data is processed in good faith, based on and in accordance with the legal provisions in force, including the provisions of the Regulation;
Purpose and limitation determined by purpose: Any processing of personal data is carried out for well-defined, explicit, and legitimate purposes, adequate, relevant and not excessive in relation to the purpose for which they are collected and subsequently processed;
Confidentiality: Persons processing personal data on behalf of CNPR have an explicit confidentiality clause regarding the processing of personal data stipulated in their individual employment contract and in the "job description";
Consent of the data subject: In certain situations, except for processing involving categories of data strictly mentioned in the Regulation, processing may be carried out only if the data subject has given their express and unequivocal consent for that processing; in other situations CNPR will also carry out processing in accordance with the provisions of the Regulation and the legislation in force;
Information: Data subjects are explicitly informed, through online and offline means, that their personal data will be processed for the purpose of providing CNPR services;
Protection of data subjects: Data subjects are guaranteed the right to be informed and to access the processed data, the right to rectification, the right to restriction and the right to erasure of data, the right to data portability and the right not to be subject to an individual decision based on personal data processing. At the same time, the data subject has the right to address the National Supervisory Authority for Personal Data Processing or the courts to defend any rights protected by law that have been violated;
Protection of minors: Minors who have reached the age of 14 may purchase products or services in their own name and request and receive communications from CNPR with the consent of the legal representative, according to the law. Any processing of personal data of minors will be carried out only under the conditions of the law.
Data transfer: CNPR does not transfer personal data except in cases expressly provided by law;
Profiling: CNPR does not create profiles of postal service users. In the case of marketing studies developed by CNPR, the unequivocal consent of the data subjects is requested.
Accuracy: CNPR requires the support of its clients in providing data for the provision of postal services, however, the accuracy of this data depends on the quality of the information provided by the data subjects and/or contractual partners;
Identification: To resolve requests related to the processing of personal data addressed to CNPR the data subject must provide proof of having used the postal service;
Storage: CNPR stores personal data for the period necessary to achieve the purposes for which they were collected, respectively to comply with the legal provisions in force;
Security: CNPR uses security methods and technologies, together with policies applied to employees and working procedures, including control, evaluation, and audit, to protect the personal data collected in accordance with the legal provisions in force.
2. Personal Data Processing Policy
In accordance with the principles of the Regulation and the legislation in force, CNPR has the obligation to process personal data provided to it with responsibility.
In accordance with the principles of the Regulation and the legislation in force, CNPR has the obligation to process personal data provided to it with responsibility.
3. Rights of the data subject
In accordance with the provisions of the Regulation, the data subject has the following rights:
In accordance with the provisions of the Regulation, the data subject has the following rights:
- the right to obtain from CNPR, upon request and free of charge, confirmation as to whether or not personal data concerning them is being processed by CNPR, and if the data is processed by CNPR the person concerned is guaranteed the right to access such data;
- the right to obtain from CNPR, upon request and free of charge, rectification, updating, blocking or deletion of data (the right to be forgotten) whose processing is not in compliance with the Regulation;
- the right to obtain from CNPR, upon request and free of charge, notification to third parties to whom the data has been disclosed of any operation carried out in accordance with the Regulation, if such notification is not impossible or does not involve a disproportionate effort compared to the legitimate interest which may be harmed;
- the right to object to and restrict at any time, for justified and legitimate reasons, the processing of data concerning them, except where there are legal provisions to the contrary; in the case of justified objection, the processing can no longer concern the data in question;
- the right to data portability, namely the receipt of personal data, upon request, in a structured, commonly used and machine-readable format and the right for such data to be transmitted directly to another operator, if technically feasible. Furthermore, to complain about violations of rights protected by the Regulation, the data subject may address the ANSPDCP - National Supervisory Authority for Personal Data Processing or the courts.
4. Data Protection Officer
In accordance with the provisions of the Regulation, CNPR has appointed a data protection officer at the organizational level and offers multiple means of communication and information regarding the Regulation, namely: email: protectia.datelor@ro.post, web: www.posta-romana.ro, call center: 021/ 9393.
In accordance with the provisions of the Regulation, CNPR has appointed a data protection officer at the organizational level and offers multiple means of communication and information regarding the Regulation, namely: email: protectia.datelor@ro.post, web: www.posta-romana.ro, call center: 021/ 9393.
5. Security of personal data
In accordance with the provisions of the Regulation, CNPR makes constant efforts, on the one hand, to ensure an adequate level of security and to reduce/eliminate risks that may affect the processed personal data and, on the other hand, to maintain the capacity to ensure continuous confidentiality, integrity, availability, and resilience of processing systems and services.
In accordance with the provisions of the Regulation, CNPR makes constant efforts, on the one hand, to ensure an adequate level of security and to reduce/eliminate risks that may affect the processed personal data and, on the other hand, to maintain the capacity to ensure continuous confidentiality, integrity, availability, and resilience of processing systems and services.
6. Risk management
With regard to risks, CNPR takes particular account of the risks presented by data processing, generated especially, accidentally or illegally, by the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or otherwise processed.
With regard to risks, CNPR takes particular account of the risks presented by data processing, generated especially, accidentally or illegally, by the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or otherwise processed.
7. Data breach notification
The data breach will be communicated by CNPR within the deadlines established by the Regulation, without unjustified delays, to all involved parties as indicated by the Regulation. For more details and information, any interested person may contact the National Supervisory Authority for Personal Data Processing, contact: Address: Bdul. Gral. Gh. Magheru no. 28-30, sector 1, Bucharest; Web: www.dataprotection.ro.
The data breach will be communicated by CNPR within the deadlines established by the Regulation, without unjustified delays, to all involved parties as indicated by the Regulation. For more details and information, any interested person may contact the National Supervisory Authority for Personal Data Processing, contact: Address: Bdul. Gral. Gh. Magheru no. 28-30, sector 1, Bucharest; Web: www.dataprotection.ro.
The security policy for the protection of natural persons regarding the processing of personal data applies to all employees of CNPR, as well as to all central and territorial structures of CN POŞTA ROMÂNĂ SA.
Date: 07.05.2018
